U.S. charges 24 people in massive hacking sting

Updated on: 2012-06-27 || Source: reuters.com

(Reuters) - U.S.
law enforcement officials on Tuesday said 24 suspected hackers had been
arrested in a sting operation spanning four continents that targeted
online financial fraud of stolen credit card and bank information.

In a two-year investigation,
FBI agents posed as hackers on Internet forums, watching as other
hackers swapped methods for breaching data security walls and creating
fake credit cards that would work for Internet and in-person purchases.

The
probe prevented $205 million in possible losses on over 411,000
compromised consumer credit and debit cards, U.S. authorities in New
York said.

Eleven people were
arrested in the United States, the Federal Bureau of Investigation and
the Manhattan U.S. Attorney's office said. The thirteen others were
arrested in countries from Britain to Japan, the authorities said.
Officials in Australia also conducted searches.

"Clever
computer criminals operating behind the supposed veil of the Internet
are still subject to the long arm of the law," Manhattan U.S. Attorney
Preet Bharara said.

During the
operation, the FBI said, it not only monitored the hackers' activities
but also contacted "multiple" people and institutions hit by the hackers
and showed them how to repair their security breaches and protect
themselves in the future.

No credit card companies or banks were named in Tuesday's court documents.

The
24 people arrested were all men aged 18 to 25. Some face up to 40 years
or more in prison if convicted on conspiracy to commit wire fraud
charges and access device fraud charges.

The
FBI operation centered around a "carding forum" that it had secretly
created in June 2010, and was in charge of running unbeknownst to its
participants, authorities said.

The
forum, called "Carder Profit," was essentially an online market for
registered users to exchange stolen account numbers. It was shut down in
May.

Two people were arrested in the New York area and were later released on bail after appearing in Manhattan federal court.

One
of the men, Mir Islam, known online as "JoshTheGod," was charged with
trafficking in 50,000 stolen credit card numbers. Authorities said Islam
had admitted to helping emerging hacker outfit UgNazi, which said it
had launched a cyber attack against the microblogging platform Twitter
last week.

Islam, 18, who lives in
the New York borough of the Bronx, appeared before U.S. Magistrate
Judge James Francis in flip-flop sandals and jeans. His parents, who are
from Pakistan, watched the proceeding from a back bench. Islam was released on a $50,000 bond.

Fellow
Bronx resident Joshua Hicks, 19, also known as "OxideDox," was charged
with one count of access device fraud. Wearing red basketball shorts,
Hicks was released on a $20,000 bond after a brief hearing before the
same judge.

Meanwhile on Tuesday,
the U.S. Federal Trade Commission filed a complaint against Wyndham
Worldwide Corp and three subsidiaries, alleging that the hotel operator
failed to keep customer data secure.

That
failure resulted in the theft of hundreds of thousands of consumers
payment card numbers, which were sent to an Internet address registered
in Russia and $10.6 million in fraudulent charges, according to the complaint.

The
cases are U.S. v Joshua Hicks and U.S. v. Mir Islam, U.S. District
Court for the Southern District of New York, Nos 12-1639 and 12-1701